← Autoridad de Certificacion Firmaprofesional cases
Bugzilla #1368171
Certificate Problem Report
Firmaprofesional: Non-audited, non-technically-constrained intermediate certificates
RESOLVED
Autoridad de Certificacion Firmaprofesional
AI Summary
This case addresses concerns regarding intermediate certificates issued by Firmaprofesional that are not audited and lack technical constraints. The certificates in question chain up to a root certificate in Mozilla's store, raising compliance issues. The CA has been noted for its failure to meet disclosure requirements, leading to discussions about the necessity of audits and revocations. Ultimately, the certificates have been added to OneCRL, indicating a resolution to the compliance issues raised.
Chronology
- Case opened regarding non-audited certificates.
- Discussion on audit compliance and certificate revocation.
- Further investigation into compliance and audit requirements.
- Confirmed that certificates have been added to OneCRL.
Participants
Kathleen Wilson
Oscar Conesa
Ryan Sleevi
Gervase Markham
External References
Similar Local Cases
GlobalSign: Non-BR-Compliant Certificate Issuance -- RSA key smaller than 2048 bits
Camerfirma: Non-BR-Compliant Certificate Issuance
Visa: Non-BR-Compliant Certificate Issuance
Consorci AOC: Non-BR-Compliant Certificate Issuance
DocuSign/Keynectis: Non-BR-Compliant OCSP Responders
GoDaddy: New GoDaddy incorrect issuance bug appears to be regression of 2010 issue
Firmaprofesional / SIGNE: No BR Audit for intermediate CA technically capable of issuing TLS certs
Add Firmaprofesional subCA Santander Digital Signature to OneCRL